Cybersecurity News | Daily Recap [29 Jul 2025]

This summary highlights recent cyber threats, including attacks on Orange by China’s Salt Typhoon group and Aeroflot by pro-Ukrainian hackers Silent Crow and Belarus Cyber-Partisans, which caused service disruptions and data theft. It also covers vulnerabilities in Cisco ISE and PaperCut, and the rise of AI-powered security solutions like Microsoft Edge Copilot and funding for AI security startups. #SaltTyphoon #SilentCrow

Cyberattacks & Threat Actor Activity

  • French telecom Orange suffered a cyberattack linked to China’s Salt Typhoon group causing service disruptions but no confirmed data theft – Orange Cyberattack, Orange Attack Follow-up
  • Aeroflot faced a major cyberattack led by pro-Ukrainian hackers Silent Crow and Belarus Cyber-Partisans, causing 100+ flight cancellations and data theft amid geopolitical tensions – Aeroflot Cyberattack, Aeroflot Flight Disruptions, Aeroflot IT Compromise
  • Poland arrested 32 suspects collaborating with Russian intelligence on sabotage and disinformation campaigns as part of hybrid warfare – Poland Sabotage Arrests
  • Massachusetts electric utility disclosed a data breach exposing over 514 individuals’ sensitive info linked to the BlackSuit ransomware gang – Massachusetts Data Breach
  • Arizona woman sentenced for aiding North Korean IT workers in a $17M remote job scam funneling funds for nuclear programs – North Korea Job Scam
  • Allianz Life reported personal data theft affecting the majority of customers due to a social engineering attack by the Scattered Spider hacking group – Allianz Life Data Theft
  • The FBI issued a warning about The Com, a cybercriminal network involving minors engaged in cybercrime and real-world violence – FBI The Com Alert
  • Naval Group, France’s warship builder, denies cyber intrusions despite a 1TB data leak on hacking forums attributed to reputational attacks – Naval Group Denial, Naval Group Data Leak

Ransomware & Cryptocurrency Seizures

  • The FBI seized over $2.4 million in Bitcoin tied to the new Chaos ransomware affiliate “Hors” targeting Texas, part of efforts against gangs related to Conti and BlackSuit – Chaos Ransomware Bitcoin Seizure

Vulnerabilities & Exploits

  • CISA added critical vulnerabilities affecting Cisco ISE and PaperCut NG/MF to the Known Exploited Vulnerabilities catalog, urging immediate patching amid active exploitation – CISA Cisco & PaperCut, Cisco ISE Exploit, PaperCut RCE Patch
  • A macOS vulnerability called Sploitlight (CVE-2025-31199) bypasses system protections to leak sensitive user and Apple Intelligence data via Spotlight plugins – Sploitlight Vulnerability, Microsoft Sploitlight Report
  • A Google Gemini CLI flaw allowed stealthy code execution and data exfiltration from developers’ systems, now fixed in version 0.1.14 – Gemini CLI Flaw
  • Endgame Gear’s mouse configuration tool was infected with the XRed backdoor malware causing keylogging and data exfiltration risks for users – Endgame Gear Malware
  • Lovense sex toy app flaws leaked private emails and enabled account hijacking, underlining security risks for connected devices – Lovense App Flaws
  • Hackers breached Toptal’s GitHub to publish 10 malicious npm packages with 5,000+ downloads, exemplifying ongoing open-source supply chain threats – Toptal GitHub Supply Chain Attack

Phishing, Scams & Social Engineering

  • Romania warned of a phishing scam impersonating newly re-appointed Finance Minister Alexandru Nazare to steal personal and financial data – Romania Finance Scam
  • Cybercriminals targeted South Korean Android and iOS users with the SarangTrap malware spread through fake apps, leveraging social engineering and fake domains – SarangTrap Fake Apps
  • Vietnamese users targeted by the RedHook Android banking Trojan that uses phishing, keylogging, and remote access trojans to steal data – RedHook Trojan
  • Email security remains outdated, stuck in antivirus-era filtering, with experts urging dynamic post-delivery detection and response to combat threats like business email compromise – Email Security Modernization
  • Senator Maggie Hassan pressed Elon Musk on the misuse of Starlink technology by Southeast Asian scam networks that have caused billions in losses – Starlink Scam Inquiry, Starlink Scam Follow-up
  • Tea app breach exposed selfies, driver’s licenses, and private chats leaked on hacking forums, worsening data privacy concerns – Tea App Data Leak, Tea App ID Leak
  • JavaScript injection threats continue despite frameworks like React, with new vectors including prototype pollution, AI prompt injections, and supply chain attacks demanding layered security – JavaScript Injection Threats
  • MFA can still be phished via downgrade and consent phishing attacks, with experts recommending adoption of passkeys as stronger phishing-resistant authentication – Phishing-Resistant Auth

AI, Automation & Security Innovations

  • Microsoft Edge launched an AI-powered Copilot Mode integrating chat and browsing with strong emphasis on privacy and plans for advanced features – Microsoft Edge AI
  • Seal Security raised $13M to enhance AI-driven software supply chain vulnerability detection and patch automation – Seal Security Funding
  • Promptfoo secured $18.4M to develop AI security solutions protecting large language models from prompt injections, jailbreaks, and data leaks – Promptfoo AI Security
  • Dropzone AI raised $37M to build autonomous AI SOC analysts that reduce alert fatigue by mimicking human reasoning – Dropzone AI Funding
  • Fable Security raised $31M for its AI-based human risk management platform that monitors and mitigates risky employee behaviors in real time – Fable Security Fundraise
  • Research suggests using chaos theory encryption can create quantum-resistant protections for resource-limited OT and IoT devices to prevent interception and reverse engineering – Chaos Theory Encryption

Corporate Security & Leadership

  • Aanchal Gupta was appointed Adobe’s new Chief Security Officer, adding extensive experience from Microsoft, Meta, and Yahoo to lead AI governance and cybersecurity strategy – Adobe CSO Appointment
  • Microsoft announced end of support for Windows 11 22H2 in October 2025, urging timely upgrades to maintain security – Windows 11 Support End
  • Cyble launched a tailored cybersecurity support package based on the ACSC Essential 8 framework to improve cyber resilience for Australian financial institutions – Cyble Essential 8 Support

Emerging Threat Trends

  • AI-generated deepfakes are increasingly realistic, threatening national security and financial sectors, with countermeasures including AI detection tools and regulation efforts – Deepfake Threats
  • The browser has emerged as the primary cyber battleground in enterprise environments, facing attacks via phishing, malicious extensions, and credential theft exploiting SaaS reliance – Browser as Cyber Battleground

Cybersecurity News | Daily Recap – hendryadrian.com